Document error behavior of PKCS5_PBKDF2_HMAC and EVP_PBE_scrypt

Change-Id: I5ce176538a53136aff3eea4af04b762ac9a5a994
Reviewed-on: https://boringssl-review.googlesource.com/31044
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
Joshua Liebow-Feeser 2018-08-14 14:11:13 -07:00 committed by CQ bot account: commit-bot@chromium.org
parent 1c2779e819
commit 21558f43ce
2 changed files with 17 additions and 5 deletions

View File

@ -187,6 +187,10 @@ int EVP_PBE_scrypt(const char *password, size_t password_len,
int ret = 0; int ret = 0;
block_t *T = B + B_blocks; block_t *T = B + B_blocks;
block_t *V = T + T_blocks; block_t *V = T + T_blocks;
// NOTE: PKCS5_PBKDF2_HMAC can only fail due to allocation failure
// or |iterations| of 0 (we pass 1 here). This is consistent with
// the documented failure conditions of EVP_PBE_scrypt.
if (!PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, 1, if (!PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, 1,
EVP_sha256(), B_bytes, (uint8_t *)B)) { EVP_sha256(), B_bytes, (uint8_t *)B)) {
goto err; goto err;

View File

@ -417,7 +417,7 @@ OPENSSL_EXPORT int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
// PKCS5_PBKDF2_HMAC computes |iterations| iterations of PBKDF2 of |password| // PKCS5_PBKDF2_HMAC computes |iterations| iterations of PBKDF2 of |password|
// and |salt|, using |digest|, and outputs |key_len| bytes to |out_key|. It // and |salt|, using |digest|, and outputs |key_len| bytes to |out_key|. It
// returns one on success and zero on error. // returns one on success and zero on allocation failure or if iterations is 0.
OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len, OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
const uint8_t *salt, size_t salt_len, const uint8_t *salt, size_t salt_len,
unsigned iterations, const EVP_MD *digest, unsigned iterations, const EVP_MD *digest,
@ -433,12 +433,20 @@ OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC_SHA1(const char *password,
// EVP_PBE_scrypt expands |password| into a secret key of length |key_len| using // EVP_PBE_scrypt expands |password| into a secret key of length |key_len| using
// scrypt, as described in RFC 7914, and writes the result to |out_key|. It // scrypt, as described in RFC 7914, and writes the result to |out_key|. It
// returns one on success and zero on error. // returns one on success and zero on allocation failure, if the memory required
// for the operation exceeds |max_mem|, or if any of the parameters are invalid
// as described below.
// //
// |N|, |r|, and |p| are as described in RFC 7914 section 6. They determine the // |N|, |r|, and |p| are as described in RFC 7914 section 6. They determine the
// cost of the operation. If the memory required exceeds |max_mem|, the // cost of the operation. If |max_mem| is zero, a defult limit of 32MiB will be
// operation will fail instead. If |max_mem| is zero, a defult limit of 32MiB // used.
// will be used. //
// The parameters are considered invalid under any of the following conditions:
// - |r| or |p| are zero
// - |p| > (2^30 - 1) / |r|
// - |N| is not a power of two
// - |N| > 2^32
// - |N| > 2^(128 * |r| / 8)
OPENSSL_EXPORT int EVP_PBE_scrypt(const char *password, size_t password_len, OPENSSL_EXPORT int EVP_PBE_scrypt(const char *password, size_t password_len,
const uint8_t *salt, size_t salt_len, const uint8_t *salt, size_t salt_len,
uint64_t N, uint64_t r, uint64_t p, uint64_t N, uint64_t r, uint64_t p,